Security Labs

Insights

Alerts

BOOKMARK THIS ALERT

digg
|
del.icio.us
|
reddit
newsvine
|
furl
|
technorati

IEC Web Site Compromised

Date:01.27.2009

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered that a subdomain of the International Electrotechnical Commission (IEC) Web site has been compromised. The IEC is an international standards organization that prepares and publishes International Standards for all electrical, electronic, and related technologies. Member countries include Japan, Australia, U.S.A., central European countries, and numerous others.

Screenshot of the IEC homepage:

The infected subdomain belongs to the TC26 group. Unprotected users would be subjected to execution of obfuscated Javascript that redirects to an exploit site, hosting exploits for Internet Explorer, QuickTime and AOL SuperBuddy. Successful execution of the exploit code incurs a drive-by download. This installs a backdoor on the compromised machine. Major antivirus vendors are not detecting this payload.

Screenshot of the infected subdomain:

Screenshot of the de-obfuscated code:

Websense® Messaging and Websense Web Security customers are protected against these threats.